Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 up to and including 6.1.1 allow remote malicious users to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
codeworx technologies dcp-portal 5.3 |
||
codeworx technologies dcp-portal 6.1.1 |
||
codeworx technologies dcp-portal 5.3.1 |
||
codeworx technologies dcp-portal 5.3.2 |
||
codeworx technologies dcp-portal 6.0 |
||
codeworx technologies dcp-portal 6.1 |